10597 matches found
CVE-2025-38222
In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_datafeature enabled, it will lead to the bug below. fd = open("file1", O_RDWR | O_CREAT | O_TRUNC, 0666); ...
CVE-2025-38225
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Cleanup after an allocation error When allocation failures are not cleaned up by the driver, furtherallocation errors will be false-positives, which will cause buffers toremain uninitialized and cause NULL pointer ...
CVE-2025-38227
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtv_mux_init. [1] After PSI initialization fails, the si member is accessed again, resultingin this uaf. Aft...
CVE-2025-38232
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix race between nfsd registration and exports_proc As of now nfsd calls create_proc_exports_entry() at start of init_nfsdand cleanup by remove_proc_entry() at last of exit_nfsd. Which causes kernel OOPs if there is race betw...
CVE-2025-38261
In the Linux kernel, the following vulnerability has been resolved: riscv: save the SR_SUM status over switches When threads/tasks are switched we need to ensure the old execution'sSR_SUM state is saved and the new thread has the old SR_SUM staterestored. The issue was seen under heavy load especia...
CVE-2025-38263
In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() LINE#1794 - LINE#1887 is some codes about function ofbch_cache_set_alloc(). LINE#2078 - LINE#2142 is some codes about function ofregister_cache_set(). register_cache_set() will call bch...
CVE-2025-38269
In the Linux kernel, the following vulnerability has been resolved: btrfs: exit after state insertion failure at btrfs_convert_extent_bit() If insert_state() state failed it returns an error pointer and we callextent_io_tree_panic() which will trigger a BUG() call. However ifCONFIG_BUG is disabled,...
CVE-2025-38270
In the Linux kernel, the following vulnerability has been resolved: net: drv: netdevsim: don't napi_complete() from netpoll netdevsim supports netpoll. Make sure we don't call napi_complete()from it, since it may not be scheduled. Breno reports hitting awarning in napi_complete_done(): WARNING: CPU...
CVE-2025-38303
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix possible crashes on eir_create_adv_data eir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWERwithout checking if that would fit.
CVE-2025-38312
In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000,cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It'sthen passed to fb_cv...
CVE-2025-38334
In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Prevent attempts to reclaim poisoned pages TL;DR: SGX page reclaim touches the page to copy its contents tosecondary storage. SGX instructions do not gracefully handle machinechecks. Despite this, the existing SGX code wil...
CVE-2025-38335
In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT When enabling PREEMPT_RT, the gpio_keys_irq_timer() callback runs inhard irq context, but the input_event() takes a spin_lock, which isn'tallowed there as it is converted ...
CVE-2025-38337
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Since handle->h_transaction may be a NULL pointer, so we should change itto call is_handle_aborted(handle) first before dereferencing it. And the following ...
CVE-2025-38342
In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, sothe property value requires at least '(index + 1) * sizeof(*ref)' bytesbut that can not b...
CVE-2025-38346
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d0218PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0O...
CVE-2025-38348
In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends to be an Intersil p54 wifi|interface and generates an eeprom_readback message with a large|eeprom->v1.len...
CVE-2022-49973
In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in sk_msg_recvmsg() Fix one kernel NULL pointer dereference as below: [ 224.462334] Call Trace:[ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380[ 224.462441] ? sock_has_perm+0x78/0xa0[ 224.462463] tcp_bpf_re...
CVE-2022-49974
In the Linux kernel, the following vulnerability has been resolved: HID: nintendo: fix rumble worker null pointer deref We can dereference a null pointer trying to queue work to a destroyedworkqueue. If the device is disconnected, nintendo_hid_remove is called, in whichthe rumble_queue is destroyed...
CVE-2022-49976
In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS The x86-android-tablets handling for the Chuwi Hi8 is only necessary withthe Android BIOS and it is causing problems with the Windows BIOS ver...
CVE-2022-50007
In the Linux kernel, the following vulnerability has been resolved: xfrm: fix refcount leak in __xfrm_policy_check() The issue happens on an error path in __xfrm_policy_check(). When thefetching process of the object pols[1] fails, the function simplyreturns 0, forgetting to decrement the reference...
CVE-2022-50009
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_get_dnode_of_data There is issue as follows when test f2fs atomic write:F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblockF2FS-fs (loop0): invalid crc_offset: 0F2FS-fs (loop0): f2fs...
CVE-2022-50013
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use f2fs_bug_on() in f2fs_new_node_page() As Dipanjan Das [email protected] reported, syzkallerfound a f2fs bug as below: RIP: 0010:f2fs_new_node_page+0x19ac/0x1fc0 fs/f2fs/node.c:1295Call Trace:write_a...
CVE-2022-50048
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: possible module reference underflow in error path dst->ops is set on when nft_expr_clone() fails, but module refcount hasnot been bumped yet, therefore nft_expr_destroy() leads to modulereference underflow.
CVE-2022-50078
In the Linux kernel, the following vulnerability has been resolved: tracing/eprobes: Do not allow eprobes to use $stack, or % for regs While playing with event probes (eprobes), I tried to see what wouldhappen if I attempted to retrieve the instruction pointer (%rip) knowingthat event probes do not...
CVE-2022-50096
In the Linux kernel, the following vulnerability has been resolved: x86/kprobes: Update kcb status flag after singlestepping Fix kprobes to update kcb (kprobes control block) status flag toKPROBE_HIT_SSDONE even if the kp->post_handler is not set. This bug may cause a kernel panic if another INT...
CVE-2022-50105
In the Linux kernel, the following vulnerability has been resolved: powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader of_find_node_by_path() returns remote device nodepointer withrefcount incremented, we should use of_node_put() on it when done.Add missing of_node_put() to avoid refcou...
CVE-2022-50106
In the Linux kernel, the following vulnerability has been resolved: powerpc/cell/axon_msi: Fix refcount leak in setup_msi_msg_address of_get_next_parent() returns a node pointer with refcount incremented,we should use of_node_put() on it when not need anymore.Add missing of_node_put() in the error ...
CVE-2022-50122
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173-rt5650: Fix refcount leak in mt8173_rt5650_dev_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Fix refcount leak in some error...
CVE-2022-50123
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Fix refcount leak in mt8173_rt5650_rt5676_dev_probe of_parse_phandle() returns a node pointer with refcountincremented, we should use of_node_put() on it when not need anymore.Fix missing of_node_put() in er...
CVE-2022-50159
In the Linux kernel, the following vulnerability has been resolved: of: check previous kernel's ima-kexec-buffer against memory bounds Presently ima_get_kexec_buffer() doesn't check if the previous kernel'sima-kexec-buffer lies outside the addressable memory range. This can resultin a kernel panic ...
CVE-2022-50167
In the Linux kernel, the following vulnerability has been resolved: bpf: fix potential 32-bit overflow when accessing ARRAY map element If BPF array map is bigger than 4GB, element pointer calculation canoverflow because both index and elem_size are u32. Fix this everywhereby forcing 64-bit multipl...
CVE-2022-50217
In the Linux kernel, the following vulnerability has been resolved: fuse: write inode in fuse_release() A race between write(2) and close(2) allows pages to be dirtied afterfuse_flush -> write_inode_now(). If these pages are not flushed fromfuse_release(), then there might not be a writable open...
CVE-2022-50223
In the Linux kernel, the following vulnerability has been resolved: LoongArch: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected,cpu_max_bits_warn() generates a runtime warning similar as below whilewe show /proc/cpuinfo. Fix t...
CVE-2022-50230
In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64:head: cover entire kernel image in initial ID map") as part of alarge refactoring of the arm64 boot flow. This simple fix is ...
CVE-2025-38039
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled When attempting to enable MQPRIO while HTB offload is alreadyconfigured, the driver currently returns -EINVAL and triggers aWARN_ON, leading to an unnecessar...
CVE-2025-38047
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled Upon a wakeup from S4, the restore kernel starts and initializes theFRED MSRs as needed from its perspective. It then loads a hibernationimage, including the image kernel...
CVE-2025-38048
In the Linux kernel, the following vulnerability has been resolved: virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN syzbot reports a data-race when accessing the event_triggered, here is thesimplified stack when the issue occurred: ===========================================...
CVE-2025-38052
In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done Syzbot reported a slab-use-after-free with the following call trace: ==================================================================BUG: KASAN: slab-use-after-free...
CVE-2025-38088
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the bychecking that the requested mapping region size should stay within theallocated region size.
CVE-2025-38091
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why & How]Fix a false positive warning which occurs due to lack of correct checkswhen querying plane_id in DML21. This fixes the warning when performing amode1 reset (...
CVE-2025-38092
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use list_first_entry_or_null for opinfo_get_list() The list_first_entry() macro never returns NULL. If the list isempty then it returns an invalid pointer. Use list_first_entry_or_null()to check if the list is empty.
CVE-2025-38097
In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referenceleaks when we try to delete the netns. The reference chain is: xfrm_state -> enacp_sk -> netns...
CVE-2025-38099
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can causethe controller to lock up.
CVE-2025-38108
In the Linux kernel, the following vulnerability has been resolved: net_sched: red: fix a race in __red_change() Gerrard Tai reported a race condition in RED, whenever SFQ perturb timerfires at the wrong time. The race is as follows: CPU 0 CPU 1[1]: lock root[2]: qdisc_tree_flush_backlog()[3]: unlo...
CVE-2025-38113
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Fix NULL pointer dereference when nosmp is used With nosmp in cmdline, other CPUs are not brought up, leavingtheir cpc_desc_ptr NULL. CPU0's iteration via for_each_possible_cpu()dereferences these NULL pointers, causing...
CVE-2025-38114
In the Linux kernel, the following vulnerability has been resolved: e1000: Move cancel_work_sync to avoid deadlock Previously, e1000_down called cancel_work_sync for the e1000 reset task(via e1000_down_and_stop), which takes RTNL. As reported by users and syzbot, a deadlock is possible in the follo...
CVE-2025-38117
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock This uses a mutex to protect from concurrent access of mgmt_pendinglist which can cause crashes like: ==================================================================BU...
CVE-2025-38119
In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the error handler ufshcd_err_handling_prepare() calls ufshcd_rpm_get_sync(). The latterfunction can only succeed if UFSHCD_EH_IN_PROGRESS is not set becauseresuming involves submitting a SCSI command ...
CVE-2025-38122
In the Linux kernel, the following vulnerability has been resolved: gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO gve_alloc_pending_packet() can return NULL, but gve_tx_add_skb_dqo()did not check for this case before dereferencing the returned pointer. Add a missing NULL chec...
CVE-2025-38128
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: reject malformed HCI_CMD_SYNC commands In 'mgmt_hci_cmd_sync()', check whether the size of parameters passedin 'struct mgmt_cp_hci_cmd_sync' matches the total size of the data(i.e. 'sizeof(struct mgmt_cp_hci_cmd_sy...